Here’s an overview of some of last week’s most interesting news, interviews and articles:
Serious SQL flaw could have compromised millions of Rockyou.com users
The SQL injection flaw could have allowed attackers to access the 32 million entries of user names plus passwords in the Rockyou.com database.
Attacks on strong authentication factors need new defenses
Gartner analysts said that Trojan-based, man-in-the-browser attacks are circumventing strong two-factor authentication, enabled through one-time password tokens. Other strong authentication factors can be similarly defeated.
Facebook privacy and security guide
A video created by Tom Eston from SocialMediaSecurity walks you through the new Facebook privacy settings. It also covers notifications, Facebook Ads and hiding your Friends list from public searches.
Vendors deliver compromised products
Users should be aware of potential threats created by devices that have already been compromised or tampered with by the time they come off the shelves.
Threat alert: Fake Flash greeting card
The text in the spam message instructs the recipient to view the attached card. The .zip attachment contains a .scr file that, when executed, attempts to infect the system with malicious software.
Q&A: Insider bank fraud
Shirley Inscoe, co-author of the book “Insidious: How Trusted Employees Steal Millions and Why It Is So Hard for Banks to Stop Them”, discusses insider bank fraud and what we can do to mitigate it.
Analysis of 1 billion spam messages
Project Honey Pot has decided it is time to share some of its findings with the public. The occurrence that spurred it into action was the receipt of the billionth spam email since the start of the Project in 2004.
Guide to online safety in 2010
The online consumer is more vulnerable than ever thanks to focused cyber crime tactics. In order to make online security a priority, MessageLabs says it’s best to watch out for these key trends in 2010.
Top vulnerable applications in 2009
Bit9 unveiled its annual report on the top popular consumer applications with known vulnerabilities.
Serious Adobe 0-day vulnerability in the wild
Another Adobe 0-day vulnerability has been spotted “in the wild”, in malicious PDFs that arrive by email.
Q&A: Security testing methodologies
Jon Clay, Senior Core Technology Marketing Manager at Trend Micro, discusses current testing methodologies in the security industry, outlines methodologies he’d like to see established and offers advice to developers of security products.
Migrating to Windows 7: A three step plan
With the release of Microsoft’s new Windows 7 operating system, many IT managers will be thinking about when to make the move to the new OS and how to make the process as painless as possible.
American Express phishing scam
Emails purportedly coming from American Express are making the rounds of inboxes this month, asking Amex customers to update their accounts.
VoIP vulnerability trends
McAfee Labs released a very interesting white paper about VoIP vulnerability trends and targets, and about protocol- and application-level attacks.
Twitter compromised, DNS hijacking to blame
The Twitter web site appeared to be defaced by someone called “Iranian Cyber Army”. The situation was fixed and, as it turned out, the hack was a result of DNS hijacking.